Opencart

Opencart

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2018-11495

Exploit
  • EPSS 0.59%
  • Veröffentlicht 26.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:29

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.

8

CVE-2018-11494

Exploit
  • EPSS 0.5%
  • Veröffentlicht 26.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:29

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a s...

9.8

CVE-2014-3990

Exploit
  • EPSS 10.96%
  • Veröffentlicht 20.03.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:09:17

The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via...

7.2

CVE-2016-10509

Exploit
  • EPSS 0.51%
  • Veröffentlicht 31.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_...

6.1

CVE-2015-4671

Exploit
  • EPSS 0.26%
  • Veröffentlicht 12.01.2016 19:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php.

5

CVE-2011-3763

Exploit
  • EPSS 1.12%
  • Veröffentlicht 24.09.2011 00:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files.

6.8

CVE-2010-1610

  • EPSS 0.16%
  • Veröffentlicht 29.04.2010 19:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route par...

7.5

CVE-2010-0956

Exploit
  • EPSS 0.32%
  • Veröffentlicht 10.03.2010 20:14:34
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

5

CVE-2009-1621

Exploit
  • EPSS 2.36%
  • Veröffentlicht 12.05.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.

7.5

CVE-2009-1027

  • EPSS 0.41%
  • Veröffentlicht 20.03.2009 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.